package com.roadjava.rbac.security;

import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DecryptionFilter extends GenericFilterBean {

    private final String secretKey;

    public DecryptionFilter(String secretKey) {
        this.secretKey = secretKey;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // 检查请求URI是否为/login
        if ("/user/login".equals(httpRequest.getRequestURI())) {
            String encryptedPassword = httpRequest.getParameter("pwd");
//            System.out.println("解密过滤器: 处理请求中");
//            System.out.println("解密过滤器: 密钥: " + secretKey);
//            System.out.println("未解密的密码: " + encryptedPassword);
            String username = httpRequest.getParameter("username");
            System.out.println("[解密过滤器] 用户名: " + username);
            HttpServletRequest wrappedRequest = httpRequest;
            if (encryptedPassword != null) {
                try {
                    // 解密并设置为请求属性
                    String pwd = AESUtil.decrypt(encryptedPassword, secretKey);
                    wrappedRequest = new DecryptedHttpServletRequestWrapper(httpRequest, pwd);

                    // 打印解密后的密码
                    System.out.println("解密后的密码: " + pwd);
                } catch (Exception e) {
                    httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "密码解密失败");
                    System.out.println("密码解密失败: " + e.getMessage());
                    return; // 阻止继续处理
                }
            }

            // 继续过滤，使用包装后的请求
            chain.doFilter(wrappedRequest, response);
        } else {
            // 如果不是/login接口，直接继续过滤
            chain.doFilter(request, response);
        }
    }
}
//package com.roadjava.rbac.security;
//
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.web.filter.GenericFilterBean;
//
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.ServletRequest;
//import javax.servlet.ServletResponse;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
//public class DecryptionFilter extends GenericFilterBean {
//
//    private final String secretKey;
//    private final BCryptPasswordEncoder bCryptPasswordEncoder;
//
//    public DecryptionFilter(String secretKey, PasswordEncoder passwordEncoder) {
//        this.secretKey = secretKey;
//        this.bCryptPasswordEncoder = new BCryptPasswordEncoder(); // 初始化BCrypt编码器
//    }
//
//    @Override
//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
//            throws IOException, ServletException {
//
//        HttpServletRequest httpRequest = (HttpServletRequest) request;
//        HttpServletResponse httpResponse = (HttpServletResponse) response;
//
//        // 检查请求URI是否为/login
//        if ("/user/login".equals(httpRequest.getRequestURI())) {
//            String encryptedPassword = httpRequest.getParameter("pwd");
////            System.out.println("解密过滤器: 处理请求中");
////            System.out.println("解密过滤器: 密钥: " + secretKey);
////            System.out.println("未解密的密码: " + encryptedPassword);
//
//            HttpServletRequest wrappedRequest = httpRequest;
//            if (encryptedPassword != null) {
//                try {
//                    // 解密密码
//                    String pwd = AESUtil.decrypt(encryptedPassword, secretKey);
//
//                    // 使用BCrypt对解密后的密码进行编码
//                    String bcryptEncodedPwd = bCryptPasswordEncoder.encode(pwd);
//
//                    // 将编码后的密码设置为请求属性
//                    wrappedRequest = new DecryptedHttpServletRequestWrapper(httpRequest, bcryptEncodedPwd);
//
//                    // 打印解密后的密码和编码后的密码
//                    System.out.println("解密后的密码: " + pwd);
//                    System.out.println("BCrypt编码后的密码: " + bcryptEncodedPwd);
//                } catch (Exception e) {
//                    httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "密码解密失败");
//                    System.out.println("密码解密失败: " + e.getMessage());
//                    return; // 阻止继续处理
//                }
//            }
//
//            // 继续过滤，使用包装后的请求
//            chain.doFilter(wrappedRequest, response);
//        } else {
//            // 如果不是/login接口，直接继续过滤
//            chain.doFilter(request, response);
//        }
//    }
//}
//package com.roadjava.rbac.security;
//
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.web.filter.GenericFilterBean;
//
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.ServletRequest;
//import javax.servlet.ServletResponse;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
//public class DecryptionFilter extends GenericFilterBean {
//
//    private final String secretKey;
//    private final PasswordEncoder passwordEncoder;
//
//    public DecryptionFilter(String secretKey, PasswordEncoder passwordEncoder) {
//        this.secretKey = secretKey;
//        this.passwordEncoder = passwordEncoder;
//    }
//
//    @Override
//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
//            throws IOException, ServletException {
//
//        HttpServletRequest httpRequest = (HttpServletRequest) request;
//        HttpServletResponse httpResponse = (HttpServletResponse) response;
//
//        if ("/user/login".equals(httpRequest.getRequestURI())) {
//            String encryptedPassword = httpRequest.getParameter("pwd");
//            System.out.println("[解密过滤器] 收到加密密码: " + encryptedPassword);
//
//            if (encryptedPassword != null) {
//                try {
//                    // 1. 解密密码
//                    String rawPassword = AESUtil.decrypt(encryptedPassword, secretKey);
//                    System.out.println("[解密过滤器] 解密后密码: " + rawPassword);
//
//                    // 2. 对明文密码进行BCrypt编码
//                    String encodedPassword = passwordEncoder.encode(rawPassword);
//                    System.out.println("[解密过滤器] BCrypt编码后: " + encodedPassword);
//
//                    // 3. 使用编码后的密码继续流程
//                    HttpServletRequest wrappedRequest =
//                            new DecryptedHttpServletRequestWrapper(httpRequest, encodedPassword);
//                    chain.doFilter(wrappedRequest, response);
//                    return;
//                } catch (Exception e) {
//                    System.out.println("[解密过滤器] 解密失败: " + e.getMessage());
//                    httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "密码解密失败");
//                    return;
//                }
//            }
//        }
//
//        chain.doFilter(request, response);
//    }
//}
//package com.roadjava.rbac.security;
//
//import org.springframework.web.filter.GenericFilterBean;
//
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.ServletRequest;
//import javax.servlet.ServletResponse;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
//public class DecryptionFilter extends GenericFilterBean {
//
//    private final String secretKey;
//
//    public DecryptionFilter(String secretKey) {
//        this.secretKey = secretKey;
//    }
//
//    @Override
//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
//            throws IOException, ServletException {
//
//        HttpServletRequest httpRequest = (HttpServletRequest) request;
//        HttpServletResponse httpResponse = (HttpServletResponse) response;
//
//        // 只处理登录请求
//        if ("/user/login".equals(httpRequest.getRequestURI())) {
//            String encryptedPassword = httpRequest.getParameter("pwd");
//            System.out.println("[解密过滤器] 收到加密密码: " + encryptedPassword);
//
//            HttpServletRequest wrappedRequest = httpRequest;
//            if (encryptedPassword != null) {
//                try {
//                    // 1. 直接解密密码（不进行BCrypt编码）
//                    String rawPassword = AESUtil.decrypt(encryptedPassword, secretKey);
//                    System.out.println("[解密过滤器] 解密后密码: " + rawPassword);
//
//                    // 2. 使用原始密码继续流程
//                    wrappedRequest = new DecryptedHttpServletRequestWrapper(httpRequest, rawPassword);
//                } catch (Exception e) {
//                    System.out.println("[解密过滤器] 解密失败: " + e.getMessage());
//                    httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "密码解密失败");
//                    return;
//                }
//            }
//
//            // 继续过滤器链
//            chain.doFilter(wrappedRequest, response);
//            return;
//        }
//
//        // 非登录请求直接放行
//        chain.doFilter(request, response);
//    }
//}